{"id":618,"date":"2024-02-24T10:59:00","date_gmt":"2024-02-24T10:59:00","guid":{"rendered":"https:\/\/www.securesteps.tn\/?p=618"},"modified":"2024-02-24T11:19:22","modified_gmt":"2024-02-24T11:19:22","slug":"secure-code-review-2","status":"publish","type":"post","link":"https:\/\/www.securesteps.tn\/ar\/secure-code-review-2\/","title":{"rendered":"Secure Code Review : Critical process you need to know"},"content":{"rendered":"<p>Secure code review is a critical process in software development to identify and mitigate potential security vulnerabilities in the code. Here, I&#8217;ll provide you with a step-by-step guide on how to perform a secure code review, along with some examples of common security issues and their corresponding fixes.<\/p>\n\n\n\n<p class=\"has-text-align-left\">A detailed step-by-step guide to secure code review:<\/p>\n\n\n<ol>\n<li><strong>Understand the requirements<\/strong>: Familiarize yourself with the project requirements, specifications and security guidelines.<\/li>\n \n<li><strong>Choose the right tools<\/strong>: Use code review tools that can help identify security vulnerabilities automatically. Common options include SAST (Static Application Security Testing) and code analysis tools such as SonarQube, Fortify and Checkmarx.<\/li>\n \n<li><strong>Check authentication and authorization<\/strong>: Review how user authentication and authorization are implemented. Make sure sensitive operations and resources are properly protected.<\/li>\n<\/ol>\n\n\n<p>Example - Insecure authentication:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background\"><code>\/\/ Insecure code - Storing passwords in plain text\npublic boolean authenticateUser(String username, String password) {\n    String storedPassword = database.getPasswordByUsername(username);\n    return password.equals(storedPassword);\n}<\/code><\/pre>\n\n\n\n<p>Fix - Using salted hashing for passwords:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code>\/\/ Secure code - Using salted hashing for password storage\npublic boolean authenticateUser(String username, String password) {\n    String storedPasswordHash = database.getPasswordHashByUsername(username);\n    String salt = database.getSaltByUsername(username);\n    \/\/ hashFunction should be a slow password hash (bcrypt, scrypt or Argon2), not a plain digest\n    String hashedPassword = hashFunction(password + salt);\n    return hashedPassword.equals(storedPasswordHash);\n}<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li><strong>Check input validation<\/strong>: Look for input validation issues that could lead to code injection or data manipulation attacks.<\/li>\n<\/ol>\n\n\n\n<p>Example - SQL injection vulnerability:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code># Insecure code - SQL injection vulnerability\ndef get_user_by_id(user_id):\n    # user_id is concatenated straight into the SQL text\n    query = &quot;SELECT * FROM users WHERE id = &#039;&quot; + user_id + &quot;&#039;;&quot;\n    result = execute_sql_query(query)\n    return result<\/code><\/pre>\n\n\n\n<p>Fix - Using parameterized queries:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code># Secure code - Using parameterized queries\ndef get_user_by_id(user_id):\n    # the driver binds user_id as a value, so it can never change the query structure\n    query = &quot;SELECT * FROM users WHERE id = %s;&quot;\n    result = execute_sql_query(query, (user_id,))\n    return result<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"5\">\n<li><strong>Handle error conditions<\/strong>: Ensure that error messages do not reveal sensitive information and are handled securely.<\/li>\n<\/ol>\n\n\n\n<p>Example - Information leakage:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code>\/\/ Insecure code - Revealing sensitive error information\nif (!isAuthorized(user)) {\n    throw new SecurityException(&quot;Unauthorized access for user: &quot; + user.getName());\n}<\/code><\/pre>\n\n\n\n<p>Fix - Using generic error messages:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code>\/\/ Secure code - Using generic error messages\nif (!isAuthorized(user)) {\n    throw new SecurityException(&quot;Unauthorized access&quot;);\n}<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li><strong>Review data storage and encryption<\/strong>: Check how sensitive data is stored and make sure appropriate encryption methods are used.<\/li>\n<\/ol>\n\n\n\n<p>Example - Weak data encryption:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code># Insecure code - Using a weak encryption algorithm<\/code><\/pre>\n\n\n\n<p>Fix - Using a strong encryption algorithm:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code># Secure code - Using a strong encryption algorithm (AES)\nimport os\nfrom cryptography.hazmat.backends import default_backend\nfrom cryptography.hazmat.primitives import hashes\nfrom cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes\nfrom cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC\n\ndef derive_key(password, salt):\n    # PBKDF2-HMAC-SHA256 stretches the password into a 32-byte AES-256 key\n    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt,\n                     iterations=100000, backend=default_backend())\n    return kdf.derive(password)\n\ndef encrypt_data(data, password):\n    salt = os.urandom(16)  # fresh random salt per message, never a fixed value\n    iv = os.urandom(16)    # fresh random IV per message\n    key = derive_key(password, salt)\n    # CFB gives confidentiality only; for tamper detection prefer an AEAD mode such as AES-GCM\n    cipher = Cipher(algorithms.AES(key), modes.CFB(iv), backend=default_backend())\n    encryptor = cipher.encryptor()\n    # salt and IV are not secret: store them alongside the ciphertext\n    return salt + iv + encryptor.update(data) + encryptor.finalize()\n\ndef decrypt_data(encrypted_data, password):\n    salt, iv, ciphertext = encrypted_data[:16], encrypted_data[16:32], encrypted_data[32:]\n    key = derive_key(password, salt)\n    cipher = Cipher(algorithms.AES(key), modes.CFB(iv), backend=default_backend())\n    decryptor = cipher.decryptor()\n    return decryptor.update(ciphertext) + decryptor.finalize()<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"7\">\n<li><strong>Check for code injection vulnerabilities<\/strong>: Look for potential vulnerabilities such as remote code execution (RCE) and command injection.<\/li>\n<\/ol>\n\n\n\n<p>Example - Command injection vulnerability:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code># Insecure code - Command injection vulnerability\nimport os\n\ndef run_shell_command(command):\n    # the string is handed to a shell verbatim, so user-controlled input can append extra commands\n    os.system(command)<\/code><\/pre>\n\n\n\n<p>Fix - Using proper command execution methods:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code># Secure code - Avoiding command injection\nimport subprocess\n\ndef run_shell_command(args):\n    # args is a list such as [&quot;ls&quot;, &quot;-l&quot;, path]; with shell=False the arguments go\n    # directly to the program and shell metacharacters in user input are never interpreted\n    subprocess.run(args, shell=False, check=True)<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"8\">\n<li><strong>Review third-party libraries<\/strong>: Check the security of the third-party libraries used in the project. Make sure they are up to date and have no known vulnerabilities.<\/li>\n\n\n\n<li><strong>Analyze session management<\/strong>: Check how sessions are managed and that session tokens are generated securely.<\/li>\n<\/ol>\n\n\n\n<p>Example - Insecure session token generation:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code>\/\/ Insecure code - Insecure session token generation\npublic String generateSessionToken() {\n    return UUID.randomUUID().toString();\n}<\/code><\/pre>\n\n\n\n<p>Fix - Using a secure random number generator:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code>\/\/ Secure code - Using secure session token generation\npublic String createSessionToken() {\n    SecureRandom random = new SecureRandom();\n    byte[] tokenBytes = new byte[32];  \/\/ 256 bits of entropy\n    random.nextBytes(tokenBytes);\n    return Base64.getUrlEncoder().withoutPadding().encodeToString(tokenBytes);\n}<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"10\">\n<li><strong>Review error handling<\/strong>: Ensure that error handling is implemented securely and does not expose sensitive information.<\/li>\n\n\n\n<li><strong>Check for cross-site scripting (XSS) vulnerabilities<\/strong>: Review how user input is displayed in the application and make sure it is properly escaped or sanitized.<\/li>\n<\/ol>\n\n\n\n<p>Example - Cross-site scripting vulnerability:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code>&lt;!-- Insecure code - XSS vulnerability --&gt;\n&lt;div&gt;Hello, &lt;%= user.getName() %&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<p>Fix - Using proper escaping:<\/p>\n\n\n\n<pre class=\"wp-block-code has-navbar-text-color-hover-color has-navbar-background-background-color has-text-color has-background has-small-font-size\"><code>&lt;!-- Secure code - Escaping user input to prevent XSS --&gt;\n&lt;div&gt;Hello, &lt;%= encodeHtml(user.getName()) %&gt;&lt;\/div&gt;<\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"12\">\n<li><strong>Test boundary conditions<\/strong>: Verify that the code handles boundary conditions properly, such as maximum input lengths and array bounds.<\/li>\n<\/ol>\n\n\n\n<p>These examples and guidelines should give you a starting point for performing secure code reviews. It is essential to keep up with the latest security practices and to have a thorough understanding of the programming languages and frameworks in use. Regular code reviews and continuous security testing should be an integral part of the software development lifecycle in order to maintain a secure codebase.<\/p>","protected":false},"excerpt":{"rendered":"<p>Secure code review is a critical process in software development to identify and mitigate potential security vulnerabilities in the code. Here, I&#8217;ll provide you with a step-by-step guide on how to perform a secure code review, along with some examples of common security issues and their corresponding fixes.
Step-by-step guide [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[1],"tags":[28,24,25],"class_list":["post-618","post","type-post","status-publish","format-standard","hentry","category-webapplicationsecurity","tag-mobile-applications","tag-security","tag-web-applications"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/posts\/618","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/comments?post=618"}],"version-history":[{"count":3,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/posts\/618\/revisions"}],"predecessor-version":[{"id":626,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/posts\/618\/revisions\/626"}],"wp:attachment":[{"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/media?parent=618"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/categories?post=618"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securesteps.tn\/ar\/wp-json\/wp\/v2\/tags?post=618"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}